Vendor: MonoChat
By: Unknown
CVSS: 7.5 (HIGH)
HTML Injection
CWE: 79
Product Name: MonoChat
Affected Version From: 1
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: a:monochat:monochat:1.0
Metasploit:
Other Scripts:
Platforms Tested: Unknown
Unknown

HTML Injection Vulnerability in MonoChat

The MonoChat application is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content. This allows an attacker to inject malicious HTML and script code, which would be executed in the context of the affected website. This could potentially lead to the theft of cookie-based authentication credentials or control over how the site is rendered to the user. Other attacks may also be possible.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user-supplied input before using it in dynamically generated content. This can be achieved by implementing proper input validation and output encoding techniques.
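
The mitigation above, shown as an added example (not MonoChat's code and not part of the original advisory): a hypothetical PHP message renderer before and after output encoding, with a basic input check in front of it. The message array layout, function names and sample data are assumptions made for illustration.

```php
<?php
// Added example: hypothetical chat display code, not MonoChat's source.

// Before: fields are concatenated into the page as-is, so any markup in a
// stored message becomes part of the document when the page is viewed.
function render_message_unsafe(array $msg): string
{
    return '<p><b>' . $msg['nick'] . '</b>: ' . $msg['text'] . "</p>\n";
}

// Output encoding for HTML text and quoted-attribute contexts.
// ENT_QUOTES encodes both quote characters; ENT_SUBSTITUTE replaces invalid
// byte sequences instead of returning an empty string.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// After: every user-controlled field is encoded at the point of output.
function render_message_safe(array $msg): string
{
    return '<p><b>' . h($msg['nick']) . '</b>: ' . h($msg['text']) . "</p>\n";
}

// Input validation as a second layer: strip control characters and bound
// the length (in bytes). Returns null when the message should be rejected.
function validate_message(string $text, int $maxLen = 500): ?string
{
    $text = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $text) ?? '';
    $text = trim($text);
    return ($text === '' || strlen($text) > $maxLen) ? null : $text;
}

// Constructed sample messages; the second is the string quoted in the advisory.
$messages = [
    ['nick' => 'alice', 'text' => 'hello <everyone> & welcome'],
    ['nick' => 'mdk',   'text' => '<script>alert("Hacked by mdk")</script>'],
];

// Declare the charset so the browser decodes the page the way h() encoded it.
if (!headers_sent()) {
    header('Content-Type: text/html; charset=UTF-8');
}
foreach ($messages as $msg) {
    $text = validate_message($msg['text']);
    if ($text !== null) {
        echo render_message_safe(['nick' => $msg['nick'], 'text' => $text]);
    }
}
```

With the safe renderer the second message is displayed as literal text (`&lt;script&gt;...`) rather than parsed as markup; validation alone does not achieve that, which is why the encoding happens at output.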
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/17983/info

MonoChat is prone to an HTML-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in dynamically generated content. 

Attacker-supplied HTML and script code would be executed in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials or to control how the site is rendered to the user; other attacks are also possible.

MonoChat 1.0 is reported to be affected. Other versions may be vulnerable as well.

Insert in your message:

<script>alert("Hacked by mdk")</script>

Then go to monochat_affichage.php3.